Trying To Link An Existing Cognito User With A Newly Created Federated User With Different Emails


I have a particular auth flow that requires us to verify a user's email domain before allowing them to log in, but we also want them to be able to log in with any method they want.

The login flow looks like this:

  • User registers on a login page with their business email (domain that needs to be verified), first name, and last name
  • We look up their email domain in a database to check that the domain should be granted access
  • Once we have verified the domain and they have registered, we send them an email with a link to login
    • In the backend we are running a cognito:sign_up and a cognito:forgot_password.
    • Running forgot password allows us to require a confirmation code, and we create a link that includes the confirmation code in the query string.
  • When they click the link to log in, they are directed to a page where they can set their password, or they can login with social login (let's say google). The next time they log in, they use google.
    • In theory, it would be amazing to run a simple account link at this point to link the accounts so that their business email is associated with their google account. However, it seems that I have two issues blocking me from doing this:
      • I cannot pass any information to the pre-sign-up trigger for logging in with google, which means I can't pass the existing Cognito User ID or the business email of the existing user.
      • I cannot link accounts after the federated user has already signed in.

Any ideas on how to solve this, either with the login flow or the Google auth flow? My only idea here is attempting a link in the pre-sign-up trigger for the Google account by looking up the existing user with the first name and last name. This may work most of the time, but in case anyone types their name incorrectly or doesn't have their name on their Google account, we may not be able to link the accounts correctly.

Failure in linking the account isn't the end of the world for access, but it causes some other data issues for us down the line that I'm not going to get into here.
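The following is an added example of the pre-sign-up trigger approach the post is considering; it is not code from the original post. It implements a `PreSignUp_ExternalProvider` Lambda handler that first tries to find a native user by email and, when the emails differ, falls back to the first-name/last-name lookup proposed above, calling `AdminLinkProviderForUser` only when exactly one native candidate exists. Assumptions not stated in the post: the Google IdP is registered in the user pool under the name `Google`, Google's `given_name`/`family_name` are mapped into pool attributes, the trigger event's `userName` has the form `<IdP name>_<provider subject>`, and `FakeCognito`, `make_pool` and `google_event` are constructed stand-ins for the boto3 `cognito-idp` client and the trigger event so the example runs offline.

```python
"""Pre sign-up trigger that links a Google sign-in to an existing native
Cognito user, with a name-based fallback when the emails differ.

Added example, not code from the original post.  Assumed: IdP registered as
"Google"; given_name/family_name mapped into the pool; event userName is
"<IdP name>_<provider subject>"; FakeCognito is a constructed test double.
"""


def _quote(value):
    """Build a ListUsers filter literal; refuse quotes and backslashes so a
    user-controlled attribute cannot break out of the filter expression."""
    if '"' in value or "\\" in value:
        raise ValueError("unsafe filter value")
    return f'"{value}"'


def _has(user, name, value):
    return any(a["Name"] == name and a["Value"] == value for a in user["Attributes"])


def _native(users):
    """Drop users Cognito created for an IdP; only native users are link targets."""
    return [u for u in users if u.get("UserStatus") != "EXTERNAL_PROVIDER"]


def find_existing_user(client, pool_id, attrs):
    """Return the Username of exactly one native user to link to, else None.

    Email is tried first (same-address case).  The fallback is the first
    name + last name lookup from the post.  Zero or several candidates means
    'do not link': a mistyped or absent name must never attach the federated
    identity to somebody else's account.
    """
    email = attrs.get("email")
    if email:
        hits = _native(client.list_users(UserPoolId=pool_id,
                                         Filter=f"email = {_quote(email)}")["Users"])
        if len(hits) == 1:
            return hits[0]["Username"]
    given, family = attrs.get("given_name"), attrs.get("family_name")
    if not (given and family):
        return None
    # ListUsers filters on one attribute at a time; narrow on family_name here.
    hits = _native(client.list_users(UserPoolId=pool_id,
                                     Filter=f"given_name = {_quote(given)}")["Users"])
    hits = [u for u in hits if _has(u, "family_name", family)]
    return hits[0]["Username"] if len(hits) == 1 else None


def handler(event, context=None, client=None):
    """Cognito PreSignUp Lambda entry point; must return the event."""
    if event.get("triggerSource") != "PreSignUp_ExternalProvider":
        return event  # native sign-ups (backend cognito:sign_up) pass through
    if client is None:
        import boto3  # real client only outside the offline demo
        client = boto3.client("cognito-idp")
    provider_name, _, provider_sub = event["userName"].partition("_")
    target = find_existing_user(client, event["userPoolId"],
                                event["request"]["userAttributes"])
    if target is None:
        return event  # Cognito then creates a standalone federated user
    client.admin_link_provider_for_user(
        UserPoolId=event["userPoolId"],
        DestinationUser={"ProviderName": "Cognito",
                         "ProviderAttributeValue": target},
        SourceUser={"ProviderName": provider_name,
                    "ProviderAttributeName": "Cognito_Subject",
                    "ProviderAttributeValue": provider_sub},
    )
    return event


class FakeCognito:
    """Constructed in-memory stand-in for the cognito-idp client (demo only)."""

    def __init__(self, users):
        self.users, self.links = users, []

    def list_users(self, UserPoolId, Filter):
        name, _, value = Filter.partition(" = ")
        return {"Users": [u for u in self.users if _has(u, name, value.strip('"'))]}

    def admin_link_provider_for_user(self, **kwargs):
        self.links.append(kwargs)
        return {}


def _user(username, status, **attrs):
    return {"Username": username, "UserStatus": status,
            "Attributes": [{"Name": k, "Value": v} for k, v in attrs.items()]}


def make_pool():
    """Constructed sample pool: verified-domain users plus one ambiguous name."""
    return FakeCognito([
        _user("jane", "CONFIRMED", email="jane@corp.example", given_name="Jane", family_name="Doe"),
        _user("john", "CONFIRMED", email="john@corp.example", given_name="John", family_name="Smith"),
        _user("john2", "CONFIRMED", email="jsmith@corp.example", given_name="John", family_name="Smith"),
        _user("Google_999", "EXTERNAL_PROVIDER", email="old@gmail.example", given_name="Jane", family_name="Doe"),
    ])


def google_event(sub, **attrs):
    """Constructed PreSignUp_ExternalProvider event in the shape Cognito delivers."""
    return {"triggerSource": "PreSignUp_ExternalProvider", "userPoolId": "us-east-1_EXAMPLE",
            "userName": f"Google_{sub}", "request": {"userAttributes": attrs}, "response": {}}


if __name__ == "__main__":
    pool = make_pool()
    handler(google_event("108", email="jane.doe@gmail.example", given_name="Jane", family_name="Doe"), client=pool)
    print(pool.links)  # one link: Google subject 108 -> native user "jane"
```

The Lambda's execution role needs `cognito-idp:ListUsers` and `cognito-idp:AdminLinkProviderForUser` on the pool. Two caveats worth knowing before relying on this: the trigger only fires for the first federated sign-in, which is why linking after the Google user already exists is not an option, and it is commonly reported that the sign-in attempt that performs the link fails with an "Already found an entry for username Google_..." error, so the user has to sign in a second time after the link is made.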
